HP-UX IPFilter Version A.03.05.14 Administrator's Guide

HP-UX IPFilter Utilities
The ipmon Utility
Field 3—Rule group number: rule number of the rule that acted on
the packet
Field 4—Blocked (b) or Passed (p) packet
Field 5—Packet origin
Field 6—Packet destination
Field 7 and 8—Protocol used
Field 9—Packet size
Field 10—Flags set on packet
Run the ipfstat -in command to determine which rule caused the
problem. In this example, you would use this command to look at rule 2
in rule group 0.
Occasionally, a packet that was part of a state connection might appear
in the ipmon -o I log. This can happen if a packet with the same
sequence number as another packet is processed by IPFilter. A state
packet might also be logged by the regular IPFilter log if it is the last
packet in a stateful connection, and arrives after the state has been torn
down by IPFilter.
Example:
# ipfstat -n
12:46:12.470951 lan0 @0:1 S 20.20.20.254 -> 255.255.255.255 PR icmp len 20 9216 icmp 9/0
This is an ICMP router discovery broadcast. It is indicated by the ICMP
type 9/0.
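The field layout listed above can be parsed mechanically to find which rule is dropping traffic before you look it up with ipfstat -in. The following is an added example, not code from the HP-UX guide: the function names are hypothetical, the first two fields (time and interface) and the optional "Nx" repeat count are assumed from the sample line and the usual ipmon output, and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Layout assumed from the field list and the sample line on this page:
# time [Nx] interface @group:rule action src -> dst PR proto len hdrlen size [flags...]
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?:\d+x\s+)?(?P<iface>\S+)\s+"
    r"@(?P<group>-?\d+):(?P<rule>-?\d+)\s+(?P<action>\S+)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+PR\s+(?P<proto>\S+)\s+"
    r"len\s+(?P<hdrlen>\d+)\s+(?P<size>\d+)\s*(?P<rest>.*)$"
)

def split_endpoint(text):
    """Split 'addr,port' into (addr, port); port is None when absent (e.g. ICMP)."""
    addr, _, port = text.partition(",")
    return addr, (port or None)

def parse_line(line):
    """Return a dict of fields for one ipmon log line, or None if it does not match."""
    m = LINE_RE.match(" ".join(line.split()))  # collapse wrapped/extra whitespace
    if m is None:
        return None
    rec = m.groupdict()
    rec["group"], rec["rule"], rec["size"] = int(rec["group"]), int(rec["rule"]), int(rec["size"])
    rec["src"], rec["sport"] = split_endpoint(rec["src"])
    rec["dst"], rec["dport"] = split_endpoint(rec["dst"])
    return rec

def blocked_by_rule(lines):
    """Count blocked ('b') packets per (group, rule), most frequent first."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "b":  # other action codes are parsed but not counted
            hits[(rec["group"], rec["rule"])] += 1
    return hits.most_common()

# First line is the sample from this page; the others are constructed for the example.
SAMPLE = [
    "12:46:12.470951 lan0 @0:1 S 20.20.20.254 -> 255.255.255.255 PR icmp len 20 9216 icmp 9/0",
    "12:46:13.100000 lan0 @0:2 b 192.0.2.10,4923 -> 192.0.2.1,23 PR tcp len 20 40 -S",
    "12:46:13.200000 lan0 @0:2 b 192.0.2.10,4924 -> 192.0.2.1,23 PR tcp len 20 40 -S",
    "12:46:14.000000 lan0 @0:3 p 192.0.2.11,4001 -> 192.0.2.1,22 PR tcp len 20 40 -S",
    "ipmon: truncated line",
]

if __name__ == "__main__":
    for (group, rule), count in blocked_by_rule(SAMPLE):
        print(f"group {group} rule {rule}: {count} blocked packets")
```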
ipmon and DCA Logging
DCA logging creates a new device file. The alert log records go to
/dev/ipl and the summary records are logged to /dev/iplimit. To log
the summary records, use ipmon with the -A option. Using ipmon -A
prints a summary log for a limit entry before the entry is removed
from the limit table.
Example:
ipmon -A /dev/iplimit > $LOGDIR/limit_summary.log &